CVSS Score: -

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| composio-core | pip |

The `GotoPage` action's `execute_on_browser_manager` method takes a user-controlled `url` parameter and passes it directly to `browser_manager.goto()`. There is no visible validation restricting URL schemes (such as `file://`), which enables local file read via payloads like `file:///etc/passwd`. This matches the SSRF behavior described in the advisory. The `GET_PAGE_DETAILS` action is also mentioned, but its implementation isn't shown in the provided code snippets, so only `GotoPage` is confirmed.
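
An added example, not Composio's code or its actual patch: one way to validate the `url` argument before it reaches `browser_manager.goto()`. It goes beyond the `file://` case to also reject literal loopback, private and link-local addresses; `validate_navigation_url`, `is_allowed`, `UnsafeURLError` and `ALLOWED_SCHEMES` are hypothetical names, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: the browser tool only ever needs to load ordinary web pages.
ALLOWED_SCHEMES = {"http", "https"}


class UnsafeURLError(ValueError):
    """Raised when a URL must not be handed to the browser."""


def validate_navigation_url(url: str) -> str:
    """Hypothetical guard to run before browser_manager.goto(url)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        # An allowlist rejects file:// and every other non-web scheme at once.
        raise UnsafeURLError(f"scheme {scheme!r} is not allowed")
    host = parts.hostname
    if not host:
        raise UnsafeURLError("URL has no host")
    if host == "localhost" or host.endswith(".localhost"):
        raise UnsafeURLError("loopback host is not allowed")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # A DNS name: the addresses it resolves to still need the same
        # check at connect time, which this offline example does not do.
        return url
    if (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_unspecified):
        raise UnsafeURLError(f"address {ip} is not publicly routable")
    return url


def is_allowed(url: str) -> bool:
    """Boolean wrapper; urlsplit's own ValueError also counts as a rejection."""
    try:
        validate_navigation_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, including the payload quoted in the advisory text.
    for sample in ("https://example.com/docs", "file:///etc/passwd",
                   "http://127.0.0.1:8080/", "http://169.254.169.254/"):
        print(f"{sample:32} allowed={is_allowed(sample)}")
```
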